[PATCH] rsn_supp: Don't encrypt EAPOL-Key 4/4.

Jouni Malinen j at w1.fi
Sun Feb 12 14:43:16 EST 2012


On Sun, Feb 12, 2012 at 07:35:40PM +0100, Nicolas Cavallari wrote:
> On 12/02/2012 19:25, Jouni Malinen wrote:
> > It would not make difference for the initial 4-way handshake at the
> > beginning of the association, but it breaks PTK rekeying, i.e., another
> > 4-way handshake during the association. In that exchange, all EAPOL
> > frames need to be encrypted with the old key.
> Where is that specified ? My interpretation of the standard is that
> setprotection(rx) is called before sending 4/4, so Tx encryption
> should be disabled for 4/4 ...

In the IEEE 802.11 standard obviously.. ,-)  Though, it may be a bit
difficult to find this and some reading between lines may also be
needed.

> If you don't want to not encrypt 4/4, there is no need to implement
> setprotection(rx)...

There is. The key point here is that the 4-way handshake (including
retries) is expected to be completed with the PTK that was in use at the
beginning of the handshake. In other words, all four EAPOL messages in
the 4-way handshake at the beginning of the association are unprotected
while all four EAPOL messages (including retries) in the PTK rekeying
4-way handshakes are encrypted using the old PTK.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list